Docker login failing with self-signed certificate (404)

[Benjamin Jordan]

I'm running Nexus 3.0.2 on EC2 and have configured Jetty to use a self-signed certificate as described here. I am already using this server successfully for NuGet and NPM artifacts and am trying to use it for docker images via the docker-hosted recipe. I can navigate to the https endpoint in a browser, so it appears that Jetty is correctly configured.

I am trying to run docker login from my mac, but am receiving a 404:

docker login -u username -p password ...:8443

Error response from daemon: login attempt to http://...:8443/v2/ failed with status: 404 Not Found

I have added the certificate to my keychain, and it appears to be able to make an SSL connection (otherwise it wouldn't receive a 404). What appears to be happening is that it's connecting to a /v2 endpoint rather than a repository/docker-hosted/ endpoint-- that's just a guess though.

I've been reading through docs for hours but can't seem to find a solution.

Any takers?

[Rich Seddon]

Have you configured a connector port for the Docker repository you're trying to use, and if so, are you using that for the login?

https://help.sonatype.com/display/HSC/Private+Registry+for+Docker+-+NXRM+3#PrivateRegistryforDocker-NXRM3-SSLandRepositoryConnectorConfiguration

That will be needed, Docker repositories always need to run on context path "/" (that's a restriction imposed by the Docker protocol), so you can't use the main port Nexus is running on.

Rich

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users+unsubscribe@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/e1702fc5-a16c-4c71-81df-e6fecdf37ad4%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

[Benjamin Jordan]

Rich, I owe you a beer. Somehow I missed that detail. Thank you so much, I am able to login now.

On Monday, August 14, 2017 at 8:32:46 AM UTC-7, Rich Seddon wrote:

Have you configured a connector port for the Docker repository you're trying to use, and if so, are you using that for the login?

https://help.sonatype.com/display/HSC/Private+Registry+for+Docker+-+NXRM+3#PrivateRegistryforDocker-NXRM3-SSLandRepositoryConnectorConfiguration

That will be needed, Docker repositories always need to run on context path "/" (that's a restriction imposed by the Docker protocol), so you can't use the main port Nexus is running on.

Rich

On Sun, Aug 13, 2017 at 1:04 PM, Benjamin Jordan <benj...@createar.co> wrote:

I'm running Nexus 3.0.2 on EC2 and have configured Jetty to use a self-signed certificate as described here. I am already using this server successfully for NuGet and NPM artifacts and am trying to use it for docker images via the docker-hosted recipe. I can navigate to the https endpoint in a browser, so it appears that Jetty is correctly configured.

I am trying to run docker login from my mac, but am receiving a 404:

docker login -u username -p password ...:8443

Error response from daemon: login attempt to http://...:8443/v2/ failed with status: 404 Not Found

I have added the certificate to my keychain, and it appears to be able to make an SSL connection (otherwise it wouldn't receive a 404). What appears to be happening is that it's connecting to a /v2 endpoint rather than a repository/docker-hosted/ endpoint-- that's just a guess though.

I've been reading through docs for hours but can't seem to find a solution.

Any takers?

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.

[Jeffry Hesse]

Rich is likely owed around a million beers at this point. If he cashes in we could see a gigantic impact to the beer industry. 

To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/fc57987c-f443-4cc4-a032-c7a32c54406c%40glists.sonatype.com.